generators/image/random_image: Returns random image as a base64 string. leaks the image to the parameterised_website. Icons in the public domain - thanks to http://publicicons.org/

lib/helpers/constants.rb

@@ -44,6 +44,7 @@ DOCUMENTATION_DIR = "#{ROOT_DIR}/documentation/yard/doc"
 
 # Path to resources
 WORDLISTS_DIR = "#{ROOT_DIR}/lib/resources/wordlists"
+IMAGES_DIR = "#{ROOT_DIR}/lib/resources/images"
 
 # Path to secgen_functions puppet module
 SECGEN_FUNCTIONS_PUPPET_DIR = "#{MODULES_DIR}build/puppet/secgen_functions"

modules/generators/image/random_image/secgen_local/local.rb

@@ -0,0 +1,23 @@
+#!/usr/bin/ruby
+require 'base64'
+require_relative '../../../../../lib/objects/local_string_encoder.rb'
+class ImageGenerator < StringEncoder
+    attr_accessor :selected_image_path
+
+  def initialize
+    super
+    self.module_name = 'Random Image Generator'
+    self.selected_image_path = Dir["#{IMAGES_DIR}/*"].sample
+  end
+
+  def encode_all
+    file_contents = File.binread(self.selected_image_path)
+    self.outputs << Base64.strict_encode64(file_contents)
+  end
+
+  def encoding_print_string
+    'Random image generator: ' + self.selected_image_path
+  end
+end
+
+ImageGenerator.new.run

modules/generators/image/random_image/secgen_metadata.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+
+<generator xmlns="http://www.github/cliffe/SecGen/generator"
+               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+               xsi:schemaLocation="http://www.github/cliffe/SecGen/generator">
+  <name>Random Image Generator</name>
+  <author>Thomas Shaw</author>
+  <module_license>MIT</module_license>
+  <description>Selects and outputs random image from the lib/resources/images directory in base64 format.</description>
+
+  <type>image_generator</type>
+  <type>random_image</type>
+  <type>local_calculation</type>
+  <platform>linux</platform>
+  <platform>windows</platform>
+
+  <output_type>base64_encoded_image</output_type>
+  
+</generator>

modules/vulnerabilities/unix/webapp/parameterised_website/manifests/install.pp

@@ -12,7 +12,7 @@ class parameterised_website::install {
   $industry = $secgen_parameters['industry'][0]
   $product_name = $secgen_parameters['product_name'][0]
   $employees = $secgen_parameters['employees']
-  $ctf_flags = $secgen_parameters['ctf_flags']
+  $strings_to_leak = $secgen_parameters['strings_to_leak']
   $main_page_paragraph_content = $secgen_parameters['main_page_paragraph_content']
 
   $security_audit = $secgen_parameters['security_audit']
@@ -54,4 +54,10 @@ class parameterised_website::install {
     ensure  => file,
     content => template('parameterised_website/contact.html.erb'),
   }
+
+  $image_contents = $secgen_parameters['images_to_leak'][0]
+  file { "$docroot/image.png":
+    ensure => file,
+    content => base64('decode', $image_contents)
+  }
 }

modules/vulnerabilities/unix/webapp/parameterised_website/secgen_metadata.xml

@@ -13,7 +13,8 @@
   <access>remote</access>
   <platform>linux</platform>
 
-  <read_fact>ctf_flags</read_fact>
+  <read_fact>strings_to_leak</read_fact>
+  <read_fact>images_to_leak</read_fact>
   <read_fact>business_name</read_fact>
   <read_fact>business_motto</read_fact>
   <read_fact>manager_profile</read_fact>
@@ -29,11 +30,16 @@
   <read_fact>host_acceptable_use_policy</read_fact>
   <read_fact>security_audit</read_fact>
 
-  <default_input into="ctf_flags">
+  <default_input into="strings_to_leak">
     <generator type="flag_generator"/>
     <generator type="flag_generator"/>
   </default_input>
 
+  <!-- Currently only leaks 1 image, named images_to_leak for consistency. -->
+  <default_input into="images_to_leak">
+    <generator type="image_generator"/>
+  </default_input>
+
   <default_input into="business_name">
     <generator type="business_name"/>
   </default_input>

modules/vulnerabilities/unix/webapp/parameterised_website/templates/index.html.erb

@@ -1,6 +1,6 @@
 <% $current_page = 'Homepage' %>
 <html>
-<!-- <%= @ctf_flags[0] %> -->
+<!-- <%= @strings_to_leak[0] %> -->
 <%= scope.function_template(['parameterised_website/subtemplates/header.html.erb']) %>
 <body>
   <%= scope.function_template(['parameterised_website/subtemplates/navbar.html.erb']) %>

modules/vulnerabilities/unix/webapp/parameterised_website/templates/subtemplates/main_container.html.erb

@@ -1,6 +1,9 @@
 <div id="main_container" class="container">
   <div class="row">
     <div class="main_page_content">
+      <% if @images_to_leak -%>
+          <img src="image.png" height="128" width="128">
+      <% end -%>
       <% # Intranet style -%>
       <% if @security_audit or @acceptable_use_policy -%>
           <p class="lead">Welcome to the internal intranet server for <%=@business_name%>.</p>